Kaspersky Lab


Press Releases

05.04.2018

Software flaws still have the potential to outfox the most experienced cybersecurity teams

Allowing customers to ‘detonate’ suspicious files in a virtual environment and receive a full report on the file’s activities, Kaspersky Cloud Sandbox is designed to boost the efficiency of incident response and cybersecurity forensics without any risk to the company’s IT systems. Delivered through the cloud, the service enables businesses to take advantage of sandboxing without any additional investment in hardware infrastructure. The solution is available by subscription as part of the Kaspersky Threat Intelligence Portal.

In recent times, exploiting flaws in legitimate software has become a favourite tool of criminals, as malicious activity can easily be hidden behind trusted processes. Because of such techniques, even experienced cybersecurity teams can’t always be sure they have spotted all the malware. To address this, teams have to be equipped with advanced detection technologies, including sandboxing, which often requires significant hardware investment that is not feasible for many IT security teams.

With Kaspersky Cloud Sandbox, advanced detection and forensic capabilities are available as a service within the Kaspersky Threat Intelligence Portal, allowing cybersecurity teams to ensure they meet their budget requirements while also benefitting from advanced technology. The service enables cybersecurity teams and security operations center (SOC) specialists to obtain deep insights into malware behavior and design, detecting targeted cyberthreats that were not identified in the wild. 

Advanced anti-evasion techniques: revealing a hidden truth

To lure malware into revealing its true behaviour, a sandbox must possess advanced anti-evasion techniques. A malicious program developed to run in a particular software environment will not activate on a ‘clean’ virtual machine. To counter this, Kaspersky Cloud Sandbox applies a range of user-emulation techniques, such as clicking Windows buttons, scrolling documents, running special routine processes that give malware an opportunity to expose itself, randomizing user environment parameters, and many others.

Logging system: nothing gets missed in the noise

Once a piece of malware starts running its destructive activities, Kaspersky Cloud Sandbox uses its logging subsystem to intercept malicious actions non-invasively. When a document starts to behave suspiciously, for example by building a string in the machine’s memory, executing shell commands, or dropping its payloads, these events are registered in the Kaspersky Cloud Security logging subsystem, which can detect a vast spectrum of malicious events, including DLL activity, registry key registration and modification, HTTP and DNS requests, and file creation, deletion and modification. The customer is then provided with a full report containing data visualization graphs and screenshots, as well as a readable sandbox log.

Detection and incident response performance: second to none

Kaspersky Cloud Sandbox detection performance is supported by real-time threat intelligence from Kaspersky Security Network (KSN), providing customers with the immediate status of both known and new threats discovered in the wild. Advanced behavioural analysis, based on 20 years of Kaspersky Lab experience in researching and fighting the most complex threats, allows customers to detect previously unseen malicious objects.

As well as gaining advanced detection capabilities, SOC experts and researchers can amplify their incident response activities with other services available through the Kaspersky Threat Intelligence Portal. When performing digital forensics or incident response, a cybersecurity officer can retrieve the latest detailed threat intelligence about URLs, domains, IP addresses, file hashes, threat names, statistical/behavioural data and WHOIS/DNS data, and then link that knowledge to the IOCs generated by the sample analysed in the Cloud Sandbox. APIs are also available to automate integration into customer security operations, allowing cybersecurity teams to accelerate their incident investigations in a matter of minutes.
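As an added illustration of the workflow described above (this is not Kaspersky code and not the portal’s real report format), the following Python parses a constructed behavioural sandbox log, extracts the IOCs an analyst would pivot on in a threat-intelligence portal, and surfaces the suspicious event chain for triage. The log format, process names, domain and hash are all assumed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a behavioural sandbox log (format, names, domain and hash are made up).
SAMPLE_LOG = """\
SHELL    winword.exe    pid=1204 exec="cmd.exe /c powershell -w hidden"
REGISTRY powershell.exe pid=2210 set=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd
DNS      powershell.exe pid=2210 query=update.example.invalid
HTTP     powershell.exe pid=2210 method=GET url=http://update.example.invalid/stage2.bin
FILE     powershell.exe pid=2210 create=C:\\Users\\Public\\upd.exe sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}

def parse_events(log):
    """One dict per non-empty line: category, process, plus every key=value field."""
    events = []
    for line in filter(str.strip, log.splitlines()):
        category, process, rest = line.split(None, 2)
        fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        events.append({"category": category, "process": process, **fields})
    return events

def extract_iocs(events):
    """Indicators a SOC analyst would look up in a threat-intelligence portal."""
    iocs = {"domains": set(), "urls": set(), "sha256": set(),
            "dropped_files": set(), "registry_keys": set()}
    for e in events:
        cat = e["category"]
        if cat == "DNS":
            iocs["domains"].add(e["query"])
        elif cat == "HTTP":
            iocs["urls"].add(e["url"])
            iocs["domains"].add(urlsplit(e["url"]).hostname)  # de-duplicates with DNS
        elif cat == "FILE" and "create" in e:
            iocs["dropped_files"].add(e["create"])
            if "sha256" in e:
                iocs["sha256"].add(e["sha256"])
        elif cat == "REGISTRY":
            iocs["registry_keys"].add(e["set"])
    return {k: sorted(v) for k, v in iocs.items()}

def flag_behaviors(events):
    """Triage reasons a defender would want surfaced, derived from the event chain."""
    flags = []
    if any(e["category"] == "SHELL" and e["process"] in OFFICE_APPS for e in events):
        flags.append("office application spawned a shell")
    if any(e["category"] == "REGISTRY" and "\\run\\" in e.get("set", "").lower() for e in events):
        flags.append("Run-key persistence")
    if any(e["category"] == "FILE" and e.get("create", "").lower().endswith(".exe") for e in events):
        flags.append("dropped an executable")
    return flags
```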

“In today’s increasingly heightened threat landscape, the need for businesses to arm themselves with rapid incident response abilities and digital forensics has never been greater in the fight against cybercrime. Kaspersky Cloud Sandbox will help address these challenges and is an important addition to Kaspersky Lab’s global threat intelligence ecosystem. It is available within the Kaspersky Threat Intelligence Portal, complementing the vast resources already available. Kaspersky Cloud Sandbox allows for detailed analysis of files, allowing cybersecurity researchers and security operations centre teams to gain insights into file behaviors without any risks to a company’s existing IT infrastructure,” said Adam Maskatiya, General Manager UKI, Kaspersky Lab.

To find out more about Kaspersky Cloud Sandbox, please visit this link.

Press Contact

Rhiannon Clarke

Tel. +44-(0)118 909 0909
